VYPR

Build Of Apache Camel For Spring Boot

by Red Hat

CVEs (8)

  • CVE-2026-28369HigMar 27, 2026
    risk 0.50cvss 8.7epss 0.01

    A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can be exploited by a remote…

  • CVE-2026-28368HigMar 27, 2026
    risk 0.50cvss 8.7epss 0.01

    A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exploited to launch request…

  • CVE-2026-28367HigMar 27, 2026
    risk 0.50cvss 8.7epss 0.01

    A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic…

  • CVE-2026-3260MedMar 24, 2026
    risk 0.38cvss 5.9epss 0.00

    A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes parameters using methods like `getParameterMap()`, the server prematurely parses and…

  • CVE-2023-5236Dec 18, 2023
    risk 0.00cvss epss 0.01

    A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial…

  • CVE-2022-4245Sep 25, 2023
    risk 0.00cvss epss 0.01

    A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.

  • CVE-2022-4244Sep 25, 2023
    risk 0.00cvss epss 0.01

    A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file…

  • CVE-2022-1415Sep 11, 2023
    risk 0.00cvss epss 0.01

    A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.